Vulnerability in OpenStack Essex
CVE-2012-3542
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative…
EPSS: 0.019 (83.8th percentile)
Affected products
- OpenStack Essex — versions 2012.1
- OpenStack Horizon — versions folsom-3
Weakness classification (CWE)
References
- 50467 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- 55326 (vdb-entry, x_refsource_BID)
- [openstack] 20120830 [OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542) (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (x_refsource_CONFIRM, Patch)
- [oss-security] 20120830 [OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542) (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (x_refsource_CONFIRM, Patch)
- 50494 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- USN-1552-1 (x_refsource_UBUNTU, vendor-advisory)